Topic: A lot of spam from the server (Read 4343 times)

peinguin (offline), posts: 1419
Good day. Server: Debian Linux. MTA: Postfix.

I found out that a lot of spam messages are being sent from this server.
The problem is that it is not only the mail server but also the gateway.
Question: how do I find out whether the spam is sent not from the server itself but by a user on the network?
Secondly, if it is from the server, how do I find out who exactly is sending it?

----------- Forwarded message ----------
From: Abuse-Team (auto-generated) <autogenerated@blocklist.de>
Date: 2012/5/12
Subject: [noreply] abuse report about 212.111.206.147 - Sat, 12 May 2012 22:19:13 +0200 -- service: badbot (Again x 118) RID: 30342928
To: "Abuse-Team of IP: 212.111.206.147" <abuse@uran.ua>


Hello Abuse-Team,

your Server with the IP: 212.111.206.147 has attacked one of our servers/partners on the service:
"badbot" on Time: Sat, 12 May 2012 22:19:13 +0200. The time is from the Server of the blocklist-user
 (so, please check it +-10 minutes, when the time is wrong).

The IP was automatically blocked for a while. To block an IP, it needs
at most 3 failed Logins (ssh, imap....), one match for "invalid user" or a 5xx-Error-Code (eg.
Blacklist on mail...)! The Server-Owner sets the limits, not blocklist.de!

The IP has sent a SPAM-Comment on a Honeypot-Forum or Honeypot-Wiki with URLs to e.g. buy viagra
or links to other spamvertised sites. He used xrumer or other Tools or had a wrongly configured mod_rewrite/mod_proxy which is abused:
http://blog.blocklist.de/2011/03/14/erlauterung-der-einzelnen-dienste-badbots-apacheddos-postfix/#badbots

If the IP is a Tor-Server: http://blog.blocklist.de/tor-server-owner/


Please check the machine behind the IP 212.111.206.147 (212.111.206.147) and fix the problem.
This is the 118th Attack (reported: 119) from this IP; see:
https://www.blocklist.de/en/view.html?ip=212.111.206.147

You can parse this Mail with X-ARF-Tools from http://www.x-arf.org/tools.html e.g. validatexarf-php.tar.gz.
You can find more Information about X-Arf under http://www.x-arf.org/specification.html

This mail will be sent again after one day if more attacks are recognized.
In the attachment of this mail you can find the original protocols of our systems.

To pause this message for one week, you can insert the IP and E-Mailaddress to our Blocklist.
If more attacks of your network are recognized after the pause of seven days, the block will
be canceled and you will get new reports.

https://www.blocklist.de/en/insert.html?ip=212.111.206.147&email=abuse@uran.ua

We found your address in the Whois-Data for the IP under the SearchString "abuse-mailbox".
Answer us to rewrite the address (to abuse-quiet or a special address) for all upcoming reports.



------------------------------
blocklist.de Abuse-Team
This message was sent automatically, please answer us for Questions to abuse-team@blocklist.de
or go to: https://www.blocklist.de/en/contact.html?RID=30342928
------------------------------

---
Reported-From: abuse-team@blocklist.de
Category: info
Report-Type: info
Service: badbot
Version: 0.1
User-Agent: Fail2BanFeedBackScript blocklist.de V0.1
Date: Sat, 12 May 2012 22:19:13 +0200
Source-Type: ip-address
Source: 212.111.206.147
Port: 80
Report-ID: 30342928@blocklist.de
Schema-URL: http://www.blocklist.de/downloads/schema/info_0.1.1.json
Attachment: text/plain

Lines containing IP:212.111.206.147
212.111.206.147 - - [12/May/2012:22:19:13 +0200] "POST /posting.php HTTP/1.0" 200 37477 "-" "-"

Monster Beats the one who brighten
Be creating killer Monster Beats Just Beats fast C Guaranteed. monster beats by dr dre Headphones bodyThis classic Purple Beats by Dr.Dre. Studio headphones, the current business offer of 235 yuan. In the audio area Purple Beats By Dr.Dre StudioII silent sea has always been the balance of performance characteristics, to restore a balanced and accurate tri-band, sound tends to ice type, but tend to narrow sound field is regret at. Purple Beats by Dr.Dre Solo HD a bilateral outlet design, the wire length 3m, package design, like World of Warcraft equipment, can only [url=http&#58;//www&#46;cheapmonsterbeatssolo&#46;com/monster-beats-by-drdre-studio-kobe-p-409&#46;html:brrfc0em]Beats By Dr Dre Kobe Brant[/url:brrfc0em] open violence, to ensure product safety. Somic EP19pro headset has a stylish appearance, excellent sound quality, and thus access to many favorite players. This headset affordable,.
Video, etc using the latest technology as well as a large touch screen making this one of the best holiday gifts for 2010. 5. Golf Club Drink Dispenser from the Sharper Image For the avid golfers in your comes this innovative product. It allows golfers to dispense both hot and cold beverages on the golf course and is in the shape of a golf club. One of the best Christmas gifts 2010 for men that will also be a great aconversational piece. Very easy to store and clean making it one of the best holiday gifts 2010 for men. 6. LG 32-inch LCD HDTV Men love their TVs which makes this one of the best Christmas gifts 2010 for the man [url=http&#58;//www&#46;cheapmonsterbeatssolo&#46;com/monster-cable-intros-the-monster-miles-davis-tribute-jazz-inear-p-417&#46;html:brrfc0em]Monster Miles Davis Tribute[/url:brrfc0em] in your life that he will appreciate. This is a very reasonably priced HDTV when compared to others that are similar.

A copy of the attack report. I'm sitting here wondering what mail has to do with it, if the attack goes to port 80.

Probably this is about spam posts on a forum.
« Last edited: 2012-05-16 19:04:07 by peinguin »

kisil (offline), posts: 353
Signature: Toruble in Windows reboot, toruble in Unix be root
Re: A lot of spam from the server
« Reply #1 : 2012-05-17 09:33:38 »
As for who could be sending this and how to figure it out, I don't know. But look at the list of daemons running on the server and check whether there are any suspicious services there. Also look at the traffic going to the attacked server and which service is sending it.
« Last edited: 2012-05-17 09:34:04 by kisil »

peinguin (offline), posts: 1419
Re: A lot of spam from the server
« Reply #2 : 2012-05-17 10:44:15 »
Thanks. Already figured it out.
I had left mod_proxy enabled with <Proxy *> Allow from all
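The thread's question (is the spam coming from the server itself or from a user on the network behind it, and who exactly) and its answer (an open forward proxy via mod_proxy with `<Proxy *> Allow from all`) can both be worked on the gateway's own Apache access log. A request relayed through a forward proxy arrives with an absolute URI in the request line ("POST http://host/path HTTP/1.0"), whereas a request for the server's own site carries only a path ("POST /posting.php HTTP/1.0"), so the access log on the gateway shows which client addresses are using it as a relay. The following is an added example, not code from the thread or from any of its participants; the log lines are constructed, and the LAN prefixes are an assumption about the gateway's network:

```python
import re
from collections import Counter

# Apache "combined" log format, the same layout as the honeypot line in the abuse report.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample of the gateway's access log (not taken from the thread):
# two relayed POSTs from a LAN host, one relayed POST from an outside host,
# and one ordinary request for the gateway's own site.
SAMPLE_LOG = """\
192.168.1.23 - - [12/May/2012:22:19:13 +0200] "POST http://forum.example/posting.php HTTP/1.0" 200 37477 "-" "-"
192.168.1.23 - - [12/May/2012:22:19:20 +0200] "POST http://wiki.example/index.php HTTP/1.0" 200 1203 "-" "-"
203.0.113.9 - - [12/May/2012:22:20:01 +0200] "POST http://forum.example/posting.php HTTP/1.0" 200 37477 "-" "-"
203.0.113.77 - - [12/May/2012:22:21:45 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Assumption: the gateway's LAN side uses these private ranges.
INTERNAL_NETS = ("192.168.", "10.")


def is_forward_proxy_request(target):
    """A forward-proxy request carries an absolute URI as its target, not a bare path."""
    return target.lower().startswith(("http://", "https://"))


def parse_line(line):
    """Split one combined-format log line into named fields; None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(log_text):
    """Count relayed (forward-proxied) requests per client, split into LAN and outside sources.

    A non-empty 'outside' counter means the proxy is open to the Internet; the LAN counter
    answers the thread's second question, which internal host is doing the sending.
    """
    lan, outside = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_forward_proxy_request(rec["target"]):
            continue
        bucket = lan if rec["client"].startswith(INTERNAL_NETS) else outside
        bucket[rec["client"]] += 1
    return lan, outside


if __name__ == "__main__":
    lan_hits, outside_hits = classify(SAMPLE_LOG)
    print("relayed requests from LAN hosts:    ", dict(lan_hits))
    print("relayed requests from outside hosts:", dict(outside_hits))
```

Run it against the real file with `classify(open("/var/log/apache2/access.log").read())`. Any entry in the outside counter confirms the open-proxy condition the thread ended on: on Apache 2.2, `ProxyRequests On` together with `<Proxy *> Allow from all` relays for anyone, so the remedy is either `ProxyRequests Off` (when only reverse proxying is needed) or an `Allow from` restricted to the LAN ranges inside `<Proxy *>`.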